Date: Fri, 18 Dec 2015 08:12:05 +0000
From: CSW Research Lab <>
Subject: [FD] [CVE-2015-8606] SilverStripe CMS & Framework v3.2.0 - Cross-Site
 Scripting Vulnerability

=======[SilverStripe CMS & Framework v3.2.0 – Cross-Site Scripting


Vulnerability Type: Cross Site Scripting Vulnerability
Vulnerable Version: 3.2.0
Severity: Medium
Author: Arjun Basnet
CVE-ID: CVE-2015-8606


SilverStripe CMS is prone to a cross-site scripting vulnerability because it
fails to sanitize user-supplied input. An attacker may leverage this issue
to execute arbitrary script code in the browser of an unsuspecting user of
the affected site.

Proof of Concept URL


Severity Level:


Vulnerable Product:

[+] SilverStripe CMS & Framework v3.2.0

Vulnerable Parameter(s):

[+]  Locale
[+]  FailedLoginCount

Report Timeline

05-Nov-2015 - Reported
11-Nov-2015 - Vendor Response
16-Nov-2015 - Vendor Fixed
13-Dec-2015 - Publicly disclosed

Fixed Version:

[+] SilverStripe CMS & Framework v3.2.1



Credits & Authors
Arjun Basnet from Cyber Security Works Pvt. Ltd. (

About Cybersecurityworks
Cybersecurity Works is basically an auditing company, passionate about
finding & reporting security flaws & vulnerabilities in web applications
and networks. As professionals, we handle each client differently based on
their unique requirements. Visit our website for more information.
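
The advisory above names the Locale and FailedLoginCount parameters as unsanitized. The following added example is not SilverStripe code and not the vendor's 3.2.1 fix; it sketches allowlist validation plus output encoding for two such values, assuming Locale carries a locale code such as en_US and FailedLoginCount a non-negative integer (the function names are hypothetical).

```php
<?php
// Added example: not SilverStripe code and not the vendor's 3.2.1 patch.
// Assumption: Locale carries a locale code (e.g. en_US) and
// FailedLoginCount carries a non-negative integer.

/** Return the locale if it matches a strict allowlist pattern, else a default. */
function clean_locale($raw, $default = 'en_US')
{
    // Two or three lowercase letters, optional _REGION: en, en_US, fil_PH.
    return (is_string($raw) && preg_match('/\A[a-z]{2,3}(_[A-Z]{2})?\z/', $raw) === 1)
        ? $raw
        : $default;
}

/** Return the count as an int, or 0 when the input is not all digits. */
function clean_failed_login_count($raw)
{
    // ctype_digit rejects '', signs, whitespace and any markup characters;
    // the length cap keeps the cast inside the integer range.
    return (is_string($raw) && strlen($raw) <= 9 && ctype_digit($raw)) ? (int) $raw : 0;
}

/** Encode a value for an HTML text or quoted-attribute context. */
function html($value)
{
    return htmlspecialchars((string) $value, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample request values, including markup that must not survive.
$samples = [
    ['Locale' => 'en_US', 'FailedLoginCount' => '3'],
    ['Locale' => '"><b>x</b>', 'FailedLoginCount' => '1<i>'],
];

foreach ($samples as $input) {
    $locale = clean_locale($input['Locale']);
    $count  = clean_failed_login_count($input['FailedLoginCount']);
    // Validation narrows the value; encoding at output is still applied,
    // so a later change to the allowlist cannot reintroduce markup.
    printf(
        "<input name=\"Locale\" value=\"%s\"> <input name=\"FailedLoginCount\" value=\"%s\">\n",
        html($locale),
        html($count)
    );
}
```

The second constructed sample falls back to `en_US` and `0`, so neither field echoes the submitted markup.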
